Cybersecurity Technician Junior or Journeyman - Adelphi, MD
Location: Adelphi, Maryland
Clearance: TS/SCI preferred, Secret acceptable. Security+ required.
SNVC is seeking a Cyber Security Specialist - Journeyman. TS/SCI clearance is preferred, but Secret is acceptable. Required certifications: Security+, one other CSSP qualification from DoD 8570.01-M (e.g. CEH), and one Computing Environment certification (e.g. HBSS, ACAS, Splunk). Must be local to MD, DC, or VA; the position is a hybrid in-person/remote role and cannot be 100% remote.
Primary Responsibilities:
Coordinate investigation and response efforts throughout the Incident Response lifecycle
Correlate and analyze events and data to determine scope of Cyber Incidents
Acquire and analyze endpoint and network artifacts to determine impact and direct remediation efforts for affected subscribers
Recognize attacker tactics, techniques, and procedures as potential indicators of compromise (IOCs) that can be used to improve monitoring, analysis and Incident Response.
Develop, document, and maintain Incident Response process, procedures, workflows, and playbooks
Tune and maintain security tools (IDS and SIEM) to reduce false positives and improve SOC detection capabilities
Document Investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports for affected subscribers
Work in a dynamic and fast-paced environment to defend the DODIN from highly-capable advanced persistent threats (APTs).
Basic Qualifications:
Requires a BS degree and 2-8 years of prior relevant experience appropriate to the level; additional experience in lieu of a degree may be acceptable
Team player comfortable working with others to achieve mission objectives
Able to support traditional SOC shift work (i.e. days/swings/mids)
Demonstrated experience utilizing an enterprise Security Information and Event Management (SIEM) system to monitor data flow between networks
Hands-on experience analyzing high volumes of logs and network data (e.g. NetFlow, full packet capture) to identify malicious, suspicious, or non-compliant activity of varying complexity and sophistication
Background in traffic and/or packet analysis
Good understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common network security elements
Understanding of cloud security concepts and considerations
Must hold a DoD 8570 IAT Level II baseline certification (Security+ CE or equivalent) at start
Familiarity with Unix systems
Preferred Qualifications:
Hands-on cybersecurity experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization
Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings
Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intelligence driven defense and/or Cyber Kill Chain methodology
Experience in a 24x7 environment.